876 matches found
Use of Uninitialized Resource
Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource in the undopxr24impl function. An attacker can access sensitive heap memory contents by submitting a specially crafted EXR file that triggers the decoder to read uninitialized memory and include it in the...
ROS-20260401-73-0025
A vulnerability in the pngsetquantize function of the libpng PNG raster graphics library is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code using a specially generated PNG file...
ROS-20260401-73-0013
A vulnerability in the pngimagefinishread function of the pngimagefinishread library for handling bitmap graphics in the PNG libpng format is related to writing beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code by loading a...
EUVD-2026-14901
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...
CVE-2026-4775
The CVE-2026-4775 entry concerns the libtiff library. A signed integer overflow in putcontig8bitYCbCr44tile can be triggered by a specially crafted TIFF file, leading to an out-of-bounds heap write. Documented impact includes denial of service (crash) or arbitrary code execution. Affected details...
CVE-2026-30006
XnSoft NConvert 7.230 is affected by a vulnerability described as a Stack Buffer Overrun triggered by a crafted TIFF file. The issue relates to parsing TIFF data and can impact availability. The provided documents identify the affected product and the file type but do not disclose the exact root-...
CVE-2022-23906
CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution RCE vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file...
CVE-2022-26302
Heap-based buffer overflow exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file...
CVE-2022-27821
Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via genericunpack. An attacker can achieve arbitrary code execution by tricking a user into opening a specially crafted EXR file that exploits improper validation of user-supplied data, leading to a heap-based...
Heap-based Buffer Overflow
Overview OpenEXR is a Python bindings for the OpenEXR image file format Affected versions of this package are vulnerable to Heap-based Buffer Overflow via genericunpack. An attacker can achieve arbitrary code execution by tricking a user into opening a specially crafted EXR file that exploits...
CVE-2025-68469
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue...
CVE-2025-68469 ImageMagick vulnerable to heap-buffer-overflow
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue...
CVE-2025-68469
CVE-2025-68469 affects ImageMagick prior to 7.1.1-14, where processing a specially crafted TIFF file causes a crash. The issue is fixed in 7.1.1-14. For administrators, remediation is to upgrade ImageMagick to 7.1.1-14 or later (per the initial description and connected advisories referencing the...
EUVD-2025-204303
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue...
JLSEC-2025-262 Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a c...
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045...
JLSEC-2025-298 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to...
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127...
JLSEC-2025-263 A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3....
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other...
Linux Distros Unpatched Vulnerability : CVE-2025-11679
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds Read in lwsupngemitnextline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is...
libtiff: Libtiff Write-What-Where
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...